Security Operations Fundamentals > [T2]: Lab - Microsoft Sentinel SIEM Overview

Overview of Microsoft Sentinel SIEM

As the previous definition indicates, Microsoft Sentinel is a cloud-native solution, which means there is no hassle of deploying the solution locally. Instead, you enable the service from the Azure portal and connect your data sources to it. The core capabilities of Microsoft Sentinel are:

  • Data Connection (at large scale): Data connectors are a major component of any SIEM solution. For the SIEM to identify attacks, the events generated by the organization's assets must be forwarded to it. Microsoft Sentinel offers a large set of built-in connectors that you can use to ship logs, so there is no need to deploy your own log storage and parsing pipelines.
  • Threat Detection: Microsoft Sentinel has several capabilities to detect cyber attacks effectively and rapidly identify malicious activity. Detection rules (Analytics), artificial intelligence (AI), and machine learning models are some of these capabilities.
  • Incident Investigation: Once an alert is triggered, analysts are provided with a complete workspace to investigate the incident and determine what happened during the attack.
  • Responding to Incidents: Responding promptly is essential in incident response; it slows down the attacker and prevents further damage. Microsoft Sentinel provides analysts with automation functionality to respond to incidents rapidly and reduce alert fatigue.


To access Microsoft Sentinel,

  • Go to the "Azure Portal".
  • Log in as per the lab guide.
  • Search for "Microsoft Sentinel".


Click on “cyberdefenders”.


Voila! Now you are ready to experiment with Microsoft Sentinel. You can access helpful information through the main dashboard/page, such as the number of events, alerts, incidents, live threat map, etc.


Change the time range to 31 Aug 2022 - 5 Oct 2022.
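
The same incident and alert counts the dashboard shows for this time range can be pulled directly from the workspace with KQL. The query below is an added example for this lab, not part of the lab guide or of Microsoft's own content; it assumes the workspace has the standard Sentinel SecurityIncident and SecurityAlert tables populated, and the date range is the one set above.

```kql
// Lab time range (same window as selected on the dashboard)
let startTime = datetime(2022-08-31);
let endTime   = datetime(2022-10-05);
// Each status or owner change appends a new row for an incident,
// so keep only the most recently modified row per incident number.
let latestIncidents =
    SecurityIncident
    | where CreatedTime between (startTime .. endTime)
    | summarize arg_max(LastModifiedTime, *) by IncidentNumber;
// Expand the alert IDs grouped into each incident and join them to the
// alert records, so each incident row shows which products raised it.
latestIncidents
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=leftouter (
    SecurityAlert
    | where TimeGenerated between (startTime .. endTime)
    | project AlertId = SystemAlertId, ProviderName, AlertName
  ) on AlertId
| summarize
    AlertCount   = dcount(AlertId),
    Providers    = make_set(ProviderName),
    SampleAlerts = make_set(AlertName, 5)
  by IncidentNumber, Title, Severity, Status,
     Owner = tostring(Owner.assignedTo), CreatedTime
| order by CreatedTime desc
```

Run it in the Logs blade of the workspace; the total row count should match the incident count on the overview page for the same window, and incidents with an empty Owner are the ones still waiting for triage.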